CVE-2019-20049

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent OmniVista 4760 (affected versions not specified)

Description A remote unauthenticated attacker can exploit a combination of directory traversal and insecure file upload vulnerabilities to achieve Remote Code Execution as SYSTEM. The directory traversal vulnerability is located in the construct() function, while the insecure file upload vulnerability is found in the SetSkinImages() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.